Report reveals how this hacking group went from crypto attacks to targeting defence sector


Kaspersky has conducted an investigation into DeathNote, a cluster belonging to the notorious Lazarus group, which has undergone a significant transformation in recent years.

Beginning with cryptocurrency-related attacks in 2019, by the end of 2022, DeathNote was responsible for targeted campaigns against IT and defence companies in Europe, Latin America, South Korea, and Africa. The latest report from Kaspersky tracks the evolution of DeathNote’s targets and the development of its tools, techniques, and procedures over the past four years.

The report shows how Lazarus’ DeathNote cluster has moved beyond crypto attacks to focus on the defence sector with upgraded capabilities.

Kaspersky discovered a change in the DeathNote cluster’s infection methods in April 2020. The cluster began targeting automotive and academic organisations in Eastern Europe related to the defence industry by using the remote template injection technique and Trojanized open-source PDF viewer software.

The actor also switched all of its decoy documents to job descriptions from defence contractors and diplomatic-themed lures. In May 2021, an IT company in Europe was compromised, and in early June 2021, the Lazarus subgroup began using a new mechanism to infect targets in South Korea.

In 2022, Kaspersky found that the cluster was responsible for attacks on a defence contractor in Latin America using a Trojanized PDF reader with a crafted PDF file, and that, using a side-loading technique delivered via Skype messenger, it successfully breached a defence contractor in Africa.

The DeathNote cluster has evolved significantly since its discovery in 2015, with new modules and capabilities added over time. The malware is highly effective in evading detection by antivirus software due to its ability to customise payloads based on specific objectives and targets. Kaspersky recommends maintaining vigilance and taking proactive measures to defend against the Lazarus group’s malicious activities.

To avoid targeted attacks, conduct cybersecurity audits, train employees in basic cybersecurity hygiene, download software only from trusted sources, use EDR for timely incident detection and response, and adopt anti-fraud solutions to protect cryptocurrency transactions. Kaspersky Managed Detection and Response offers threat-hunting capabilities against targeted attacks.
